stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libfile-extattr-perl-1.09/flags.c
Examining data/libfile-extattr-perl-1.09/extattr_bsd.c
Examining data/libfile-extattr-perl-1.09/ppport.h
Examining data/libfile-extattr-perl-1.09/extattr_bsd.h
Examining data/libfile-extattr-perl-1.09/flags.h
Examining data/libfile-extattr-perl-1.09/extattr_macosx.h
Examining data/libfile-extattr-perl-1.09/portable.h
Examining data/libfile-extattr-perl-1.09/extattr_linux.c
Examining data/libfile-extattr-perl-1.09/extattr_solaris.h
Examining data/libfile-extattr-perl-1.09/extattr_os.h
Examining data/libfile-extattr-perl-1.09/extattr_macosx.c
Examining data/libfile-extattr-perl-1.09/extattr_solaris.c
Examining data/libfile-extattr-perl-1.09/extattr_linux.h

FINAL RESULTS:

data/libfile-extattr-perl-1.09/extattr_solaris.c:143:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(buf + len, de->d_name);
data/libfile-extattr-perl-1.09/extattr_bsd.c:372:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(p, NAMESPACE_USER, sizeof(NAMESPACE_USER));
data/libfile-extattr-perl-1.09/extattr_bsd.c:377:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(p, NAMESPACE_SYSTEM, sizeof(NAMESPACE_SYSTEM));
data/libfile-extattr-perl-1.09/extattr_linux.c:333:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, sbuf, sbuiltlen);
data/libfile-extattr-perl-1.09/flags.c:82:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, NAMESPACE_USER, sizeof(NAMESPACE_USER));
data/libfile-extattr-perl-1.09/extattr_bsd.c:16:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t NAMESPACE_KEYLEN = strlen(NAMESPACE_KEY);
data/libfile-extattr-perl-1.09/extattr_linux.c:16:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t slen = strlen(str);
data/libfile-extattr-perl-1.09/extattr_linux.c:47:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t NAMESPACE_KEYLEN = strlen(NAMESPACE_KEY);
data/libfile-extattr-perl-1.09/extattr_linux.c:60:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(ns, s, len);
data/libfile-extattr-perl-1.09/extattr_linux.c:82:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    reslen = strlen(pNS) + strlen(attrname) + 2; /* pNS + "." + attrname + nul */
data/libfile-extattr-perl-1.09/extattr_linux.c:82:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    reslen = strlen(pNS) + strlen(attrname) + 2; /* pNS + "." + attrname + nul */
data/libfile-extattr-perl-1.09/extattr_linux.c:291:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    spos += strlen(pNS) + 1;
data/libfile-extattr-perl-1.09/extattr_linux.c:321:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    src_len = strlen(psrc) + 1;
data/libfile-extattr-perl-1.09/extattr_solaris.c:50:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      sz = read(attrfd, attrvalue, slen);
data/libfile-extattr-perl-1.09/extattr_solaris.c:126:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      const size_t namelen = strlen(de->d_name);
data/libfile-extattr-perl-1.09/flags.c:16:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t CREATE_KEYLEN = strlen(CREATE_KEY);
data/libfile-extattr-perl-1.09/flags.c:17:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t REPLACE_KEYLEN = strlen(REPLACE_KEY);
data/libfile-extattr-perl-1.09/flags.c:42:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t NAMESPACE_KEYLEN = strlen(NAMESPACE_KEY);
data/libfile-extattr-perl-1.09/ppport.h:726:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        STRLEN len = strlen(radix);

ANALYSIS SUMMARY:

Hits = 19
Lines analyzed = 3448 in approximately 0.11 seconds (32276 lines/second)
Physical Source Lines of Code (SLOC) = 2592
Hits@level = [0]   1 [1]  14 [2]   4 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  20 [1+]  19 [2+]   5 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 7.71605 [1+] 7.33025 [2+] 1.92901 [3+] 0.385802 [4+] 0.385802 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.